Production-grade container monitoring, auto-healing and dashboard solutions.
π οΈ Service Configuration
- Logging (
default-logging)
- Labels (
default-labels)
- Resource limits (
resource-limits)
Core Services
| management.yml |
|---|
| ---
x-logging: &default-logging
driver: loki
options: &default-logging-options
loki-url: https://loki.${SYNOLOGY_BASIC_URL}/loki/api/v1/push
loki-retries: 5
loki-batch-size: 400
loki-batch-wait: 2s
loki-timeout: 10s
loki-max-backoff: 5s
loki-min-backoff: 1s
loki-tenant-id: default
x-labels: &default-labels
com.centurylinklabs.watchtower.enable: true
recreat.container: true
container.label.group: management
x-limits: &resource-limits
mem_limit: 256m
mem_reservation: 64m
cpu_shares: "512"
restart: always
networks:
dockerization:
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
hostname: watchtower
<<: *resource-limits
logging:
<<: *default-logging
options:
<<: *default-logging-options
loki-external-labels: job=watchtower
environment:
UID: ${UID_NAS_ADMIN:-1026} # (1)!
GID: ${GID_NAS_ADMIN:-100} # (2)!
WATCHTOWER_CLEANUP: true # (3)!
WATCHTOWER_LABEL_ENABLE: true # (4)!
WATCHTOWER_DEBUG: true # (5)!
WATCHTOWER_ROLLING_RESTART: true # (6)!
WATCHTOWER_INCLUDE_STOPPED: true # (7)!
NO_COLOR: 1 # (8)!
WATCHTOWER_NO_SETUP_MESSAGE: true # (9)!
WATCHTOWER_TIMEOUT: 30s # (10)!
WATCHTOWER_NO_RESTART: false # (11)!
WATCHTOWER_POLL_INTERVAL: 30 # (12)!
WATCHTOWER_HTTP_API_UPDATE: true # (13)!
WATCHTOWER_HTTP_API_METRICS: true # (14)!
WATCHTOWER_HTTP_API_PERIODIC_POLLS: true # (15)!
DOCKER_TLS_VERIFY: true # (16)!
WATCHTOWER_LOG_LEVEL: info # (17)!
DOCKER_API_VERSION: 1.41 # (18)!
WATCHTOWER_REMOVE_VOLUMES: false # (19)!
WATCHTOWER_TRACE: true # (20)!
WATCHTOWER_HTTP_API_TOKEN: ${WATCHTOWER_HTTP_API_TOKEN:? Token is missing} # (21)!
ports:
- target: 8080
published: 8080
protocol: tcp
mode: host
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
- type: bind
source: /root/.docker/config.json
target: /root/.docker/config.json
read_only: true
labels:
<<: *default-labels
monitoring: watchtower
autoheal:
image: willfarrell/autoheal
container_name: autoheal
hostname: autoheal
<<: *resource-limits
logging:
<<: *default-logging
options:
<<: *default-logging-options
loki-external-labels: job=autoheal
environment:
UID: ${UID_NAS_ADMIN:-1026} # (22)!
GID: ${GID_NAS_ADMIN:-100} # (23)!
AUTOHEAL_INTERVAL: 60s # (24)!
AUTOHEAL_CONTAINER_LABEL: recreat.container # (25)!
DOCKER_HOST: unix:///var/run/docker.sock # (26)!
WEBHOOK_URL: https://gotify.${SYNOLOGY_BASIC_URL}/message?token=${WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN} # (27)!
AUTOHEAL_ONLY_MONITOR_RUNNING: false # (28)!
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
labels:
<<: *default-labels
monitoring: autoheal
dashy:
container_name: dashy
hostname: dashy
image: lissy93/dashy:latest
<<: *resource-limits
logging:
<<: *default-logging
options:
<<: *default-logging-options
loki-external-labels: job=dashy
environment:
NODE_ENV: production # (29)!
ports:
- target: 8080
published: 90
protocol: tcp
mode: host
volumes:
- type: bind
source: ${MOUNT_PATH_DOCKER_ROOT}/compose/config/dashy.yml
target: /app/user-data/conf.yml
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
labels:
<<: *default-labels
monitoring: dashy
networks:
dockerization:
external: true
|
- User ID for permissions (default: 1026)
- Group ID for permissions (default: 100)
- Automatically clean up old images
- Enable container monitoring by label
- Enable debug mode
- Enable rolling restarts
- Monitor stopped containers
- Disable colored output
- Disable setup message
- Container stop timeout (30s)
- Disable container restarts (false)
- Check interval in seconds (30)
- Enable HTTP API updates
- Enable metrics endpoint
- Enable periodic polls via API
- Enable TLS verification
- Log level (info)
- Docker API version (1.41)
- Remove volumes with containers (false)
- Enable trace logging
- Required API token
- User ID for permissions (default: 1026)
- Group ID for permissions (default: 100)
- Health check interval (60s)
- Label to identify containers to monitor
- Docker socket path
- Gotify webhook URL for notifications
- Monitor only running containers (false)
- Environment PROD
π Required Environment Variables
| Variable |
Description |
Required |
UID_NAS_ADMIN |
User ID for volume permissions |
β οΈ Recommended |
GID_NAS_ADMIN |
Group ID for volume permissions |
β οΈ Recommended |
WATCHTOWER_HTTP_API_TOKEN |
Watchtower API token |
β
|
MOUNT_PATH_DOCKER_ROOT |
Base storage path |
β
|
SYNOLOGY_BASIC_URL |
Base domain for services |
β
|
DASHY_PORT |
Dashy web interface port |
β οΈ Recommended |
Security Notice
- Be stored in
.env files
- Have restricted permissions (
chmod 600)
- Never be committed to version control
- Be rotated periodically
π Deployment
- Create
.env file with required variables
- Initialize volumes
mkdir -p ${MOUNT_PATH_DOCKER_ROOT}/{compose/config}
chown -R ${UID_NAS_ADMIN:-1026}:${GID_NAS_ADMIN:-100} ${MOUNT_PATH_DOCKER_ROOT}
- Start services
docker-compose -f management.yml up -d
π Maintenance
- Updates
docker-compose -f management.yml pull && docker-compose -f management.yml up -d
- Logs
docker-compose -f management.yml logs -f